Updated as of block 17100600 at 4/22/2023, 4:09:11 AM ET
- ID: 204
- Proposer: 0x329c54289Ff5D6B7b7daE13592C6B1EDA1543eD4
- Start Block: 17074091 (4/18/2023, 10:15:59 AM ET)
- End Block: 17093291 (4/21/2023, 3:28:59 AM ET)
- Targets: 0x8AFB5A7EC013fe08C36eFC9B3B48AFed9D53D901
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/b566324e-a40d-413d-ad4d-88c2f6ab600f
Proposal text
This AIP proposal presents Aave with the opportunity to update AAVE risk parameters on the Aave V3 Ethereum Pool
This AIP proposes the alignment of the AAVE risk parameters on the Aave V3 Ethereum market with those on Aave V2, as the current parameters on Aave V3 are less attractive for users considering migration.
By matching the Aave V2 parameters, we aim to encourage migration and ensure a smoother transition for users. This proposal does not suggest any changes to Aave V3 caps or interest rate strategies.
To make Aave V3 more attractive for migration and to match Aave V2 parameters, we propose the following changes:
- Loan-to-Value (LTV): Increase the LTV from 60% to 66%.
- Liquidation Threshold (LT): Increase the LT from 70% to 73%.
- Liquidation Penalty (LP): Maintain the current LP of 7.5%, as it is already in alignment with Aave V2.
Ticker: AAVE
Contract address: 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9
| Parameter | Current Aave V3 | Current Aave V2 | Proposed Aave V3 |
|---|---|---|---|
| Loan-to-Value (LTV) | 60% | 66% | 66% |
| Liquidation Threshold (LT) | 70% | 73% | 73% |
| Liquidation Penalty (LP) | 7.5% | 7.5% | 7.5% |
contract AaveV3RiskParams_20230516 is AaveV3PayloadEthereum {
function collateralsUpdates() public pure override returns (IEngine.CollateralUpdate[] memory) {
IEngine.CollateralUpdate[] memory collateralUpdate = new IEngine.CollateralUpdate[](1);
collateralUpdate[0] = IEngine.CollateralUpdate({
asset: AaveV3EthereumAssets.AAVE_UNDERLYING,
ltv: 66_00,
liqThreshold: 73_00,
liqBonus: EngineFlags.KEEP_CURRENT,
debtCeiling: EngineFlags.KEEP_CURRENT,
liqProtocolFee: EngineFlags.KEEP_CURRENT,
eModeCategory: EngineFlags.KEEP_CURRENT
});
return collateralUpdate;
}
}A list of relevant links like for this proposal:
The proposal Payload was reviewed by Bored Ghost Developing.
Copyright and related rights waived via CC0.
Info:
- State changes:
# KeeperRegistry at `0x02777053d6764996e594c3E88AF1D58D5363a2e6`
@@ Slot `0x3bd6b57f9be289ff2f53ea4037631de37cd5b4e06bd5a1933da13a2a3ebc9d92` @@
- "0x000000352255ffc30f02bac23615fa045f00ae0ed60dc0141911757c2adc5e03"
+ "0x000000355510798c7fdc86203615fa045f00ae0ed60dc0141911757c2adc5e03"
@@ `s_upkeep` key `"95299183306293242919258731417449887125989356901836642522229237728515662948291"`.balance @@
- 113069187676455394454
+ 109413819722802106680
@@ `s_upkeep` key `"95299183306293242919258731417449887125989356901836642522229237728515662948291"`.executeGas @@
- 1284678506
+ 3178000072
# InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xfCc00A1e250644d89AF0df661bC6f04891E21585`
@@ `_reserves` key `0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9`.configuration.data @@
- 5708990924515826536864041682300749060760804005744
+ 5708990924515826536864041682300749060760823667144
# decoded configuration.data for key `0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9` (symbol: AAVE)
@@ configuration.data.ltv @@
- 6000
+ 6600
@@ configuration.data.liquidationThreshold @@
- 7000
+ 7300
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableImmutableAdminUpgradeabilityProxy at
0x64b761D848206f447Fe2dd461b0c635Ec39EbB27with implementation PoolConfigurator at0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2CollateralConfigurationChanged(asset: 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9, ltv: 6600, liquidationThreshold: 7300, liquidationBonus: 10750)
- KeeperRegistry at
0x02777053d6764996e594c3E88AF1D58D5363a2e6UpkeepPerformed(id: 95299183306293242919258731417449887125989356901836642522229237728515662948291, success: true, from: 0xa7b2cf222d287d568e24085e514d4b197759394f, payment: 3655367953653287774, performData: 0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000cc0000000000000000000000000000000000000000000000000000000000000001)
- InitializableImmutableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x8AFB5A7EC013fe08C36eFC9B3B48AFed9D53D901: Contract (not verified)
Info:
- Touched address:
- 0xa7b2Cf222d287D568E24085E514d4b197759394f: EOA (verification not applicable)
- 0x02777053d6764996e594c3E88AF1D58D5363a2e6: Contract (verified) (KeeperRegistry)
- 0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C: Contract (verified) (EACAggregatorProxy)
- 0x785433d8b06D77D68dF6be63944742130A4530d1: Contract (verified) (AccessControlledOffchainAggregator)
- 0xDC530D9457755926550b59e8ECcdaE7624181557: Contract (verified) (EACAggregatorProxy)
- 0xbba12740DE905707251525477bAD74985DeC46D2: Contract (verified) (AccessControlledOffchainAggregator)
- 0x943AcD0c93d7a8Bee7dA5Fd0DC3d0028237074d6: Contract (verified) (EthRobotKeeper)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x96F68837877fd0414B55050c9e794AECdBcfCA59: Contract (not verified)
- 0x8AFB5A7EC013fe08C36eFC9B3B48AFed9D53D901: Contract (not verified)
- 0xE202F2fc4b6A37Ba53cfD15bE42a762A645FCA07: Contract (not verified)
- 0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xfCc00A1e250644d89AF0df661bC6f04891E21585: Contract (verified) (Pool)
- 0x64b761D848206f447Fe2dd461b0c635Ec39EbB27: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2: Contract (verified) (PoolConfigurator)
- 0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e: Contract (verified) (PoolAddressesProvider)
- 0xc2aaCf6553D20d1e9d78E365AAba8032af9c85b0: Contract (verified) (ACLManager)
Info:
View Details
View warnings for EACAggregatorProxy at `0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:283:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:273:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:284:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:274:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:285:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:275:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:286:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:276:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:331:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:321:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:332:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:322:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:333:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:323:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:334:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:324:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:513:5: Warning: This declaration shadows an existing declaration.
uint16 phaseId = uint16(_roundId >> PHASE_OFFSET);
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:525:7: Warning: This declaration shadows an existing declaration.
uint16 phaseId
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:495:3: Warning: Function state mutability can be restricted to pure
function addPhase(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:506:3: Warning: Function state mutability can be restricted to pure
function parseIds(
^ (Relevant source part starts here and spans across multiple lines).
View warnings for PoolAddressesProvider at `0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e`
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x64b761D848206f447Fe2dd461b0c635Ec39EbB27` with implementation PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for AccessControlledOffchainAggregator at `0x785433d8b06D77D68dF6be63944742130A4530d1`
WARNING:CryticCompile:Warning: OffchainAggregator.sol:461:7: Warning: This declaration shadows an existing declaration.
int192 latestAnswer,
^-----------------^
OffchainAggregator.sol:653:3: The shadowed declaration is here:
function latestAnswer()
^ (Relevant source part starts here and spans across multiple lines).
Warning: OffchainAggregator.sol:462:7: Warning: This declaration shadows an existing declaration.
uint64 latestTimestamp
^--------------------^
OffchainAggregator.sol:666:3: The shadowed declaration is here:
function latestTimestamp()
^ (Relevant source part starts here and spans across multiple lines).
Warning: AccessControlledOffchainAggregator.sol:25:5: Warning: This declaration shadows an existing declaration.
string memory description
^-----------------------^
AccessControlledOffchainAggregator.sol:108:3: The shadowed declaration is here:
function description()
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xfCc00A1e250644d89AF0df661bC6f04891E21585`
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for EthRobotKeeper at `0x943AcD0c93d7a8Bee7dA5Fd0DC3d0028237074d6`
ERROR:CryticCompile:ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:4:1:
|
4 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "solidity-utils/contracts/oz-common/Ownable.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:7:1:
|
7 | import {Ownable} from 'solidity-utils/contracts/oz-common/Ownable.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IGovernanceRobotKeeper.sol:4:1:
|
4 | import {AutomationCompatibleInterface} from 'chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IProposalValidator.sol:5:1:
|
5 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
View warnings for AccessControlledOffchainAggregator at `0xbba12740DE905707251525477bAD74985DeC46D2`
WARNING:CryticCompile:Warning: OffchainAggregator.sol:461:7: Warning: This declaration shadows an existing declaration.
int192 latestAnswer,
^-----------------^
OffchainAggregator.sol:653:3: The shadowed declaration is here:
function latestAnswer()
^ (Relevant source part starts here and spans across multiple lines).
Warning: OffchainAggregator.sol:462:7: Warning: This declaration shadows an existing declaration.
uint64 latestTimestamp
^--------------------^
OffchainAggregator.sol:666:3: The shadowed declaration is here:
function latestTimestamp()
^ (Relevant source part starts here and spans across multiple lines).
Warning: AccessControlledOffchainAggregator.sol:25:5: Warning: This declaration shadows an existing declaration.
string memory description
^-----------------------^
AccessControlledOffchainAggregator.sol:108:3: The shadowed declaration is here:
function description()
^ (Relevant source part starts here and spans across multiple lines).
View warnings for EACAggregatorProxy at `0xDC530D9457755926550b59e8ECcdaE7624181557`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:283:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:273:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:284:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:274:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:285:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:275:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:286:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:276:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:331:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:321:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:332:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:322:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:333:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:323:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:334:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:324:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:513:5: Warning: This declaration shadows an existing declaration.
uint16 phaseId = uint16(_roundId >> PHASE_OFFSET);
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:525:7: Warning: This declaration shadows an existing declaration.
uint16 phaseId
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:495:3: Warning: Function state mutability can be restricted to pure
function addPhase(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:506:3: Warning: Function state mutability can be restricted to pure
function parseIds(
^ (Relevant source part starts here and spans across multiple lines).
View warnings for PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for KeeperRegistry at `0x02777053d6764996e594c3E88AF1D58D5363a2e6`
INFO:Detectors:
KeeperRegistry.addFunds(uint256,uint96) (contracts/v0.8/KeeperRegistry.sol#297-302) ignores return value by LINK.transferFrom(msg.sender,address(this),amount) (contracts/v0.8/KeeperRegistry.sol#300)
KeeperRegistry.withdrawFunds(uint256,address) (contracts/v0.8/KeeperRegistry.sol#331-355) ignores return value by LINK.transfer(to,amountToWithdraw) (contracts/v0.8/KeeperRegistry.sol#354)
KeeperRegistry.withdrawOwnerFunds() (contracts/v0.8/KeeperRegistry.sol#360-368) ignores return value by LINK.transfer(msg.sender,amount) (contracts/v0.8/KeeperRegistry.sol#367)
KeeperRegistry.recoverFunds() (contracts/v0.8/KeeperRegistry.sol#389-392) ignores return value by LINK.transfer(msg.sender,total - s_expectedLinkBalance) (contracts/v0.8/KeeperRegistry.sol#391)
KeeperRegistry.withdrawPayment(address,address) (contracts/v0.8/KeeperRegistry.sol#399-408) ignores return value by LINK.transfer(to,keeper.balance) (contracts/v0.8/KeeperRegistry.sol#407)
KeeperRegistry.migrateUpkeeps(uint256[],address) (contracts/v0.8/KeeperRegistry.sol#648-683) ignores return value by LINK.transfer(destination,totalBalanceRemaining) (contracts/v0.8/KeeperRegistry.sol#682)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
KeeperBase.preventExecution() (contracts/v0.8/KeeperBase.sol#11-15) uses tx.origin for authorization: tx.origin != address(0) (contracts/v0.8/KeeperBase.sol#12)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-usage-of-txorigin
INFO:Detectors:
KeeperRegistry.cancelUpkeep(uint256) (contracts/v0.8/KeeperRegistry.sol#273-289) ignores return value by s_upkeepIDs.remove(id) (contracts/v0.8/KeeperRegistry.sol#286)
KeeperRegistry.migrateUpkeeps(uint256[],address) (contracts/v0.8/KeeperRegistry.sol#648-683) ignores return value by s_upkeepIDs.remove(id) (contracts/v0.8/KeeperRegistry.sol#670)
KeeperRegistry._createUpkeep(uint256,address,uint32,address,uint96,bytes) (contracts/v0.8/KeeperRegistry.sol#723-745) ignores return value by s_upkeepIDs.add(id) (contracts/v0.8/KeeperRegistry.sol#744)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
Reentrancy in KeeperRegistry.addFunds(uint256,uint96) (contracts/v0.8/KeeperRegistry.sol#297-302):
External calls:
- LINK.transferFrom(msg.sender,address(this),amount) (contracts/v0.8/KeeperRegistry.sol#300)
Event emitted after the call(s):
- FundsAdded(id,msg.sender,amount) (contracts/v0.8/KeeperRegistry.sol#301)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
KeeperRegistry._getFeedData() (contracts/v0.8/KeeperRegistry.sol#753-771) uses timestamp for comparisons
Dangerous comparisons:
- (staleFallback && stalenessSeconds < block.timestamp - timestamp) || feedValue <= 0 (contracts/v0.8/KeeperRegistry.sol#759)
- (staleFallback && stalenessSeconds < block.timestamp - timestamp) || feedValue <= 0 (contracts/v0.8/KeeperRegistry.sol#765)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#201-221) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#213-216)
EnumerableSet.values(EnumerableSet.AddressSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#274-283) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#278-280)
EnumerableSet.values(EnumerableSet.UintSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#347-356) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#351-353)
KeeperRegistry._callWithExactGas(uint256,address,bytes) (contracts/v0.8/KeeperRegistry.sol#792-817) uses assembly
- INLINE ASM (contracts/v0.8/KeeperRegistry.sol#797-815)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
KeeperRegistry.migrateUpkeeps(uint256[],address) (contracts/v0.8/KeeperRegistry.sol#648-683) has costly operations inside a loop:
- delete s_upkeep[id] (contracts/v0.8/KeeperRegistry.sol#668)
KeeperRegistry.migrateUpkeeps(uint256[],address) (contracts/v0.8/KeeperRegistry.sol#648-683) has costly operations inside a loop:
- delete s_checkData[id] (contracts/v0.8/KeeperRegistry.sol#669)
KeeperRegistry._createUpkeep(uint256,address,uint32,address,uint96,bytes) (contracts/v0.8/KeeperRegistry.sol#723-745) has costly operations inside a loop:
- s_expectedLinkBalance = s_expectedLinkBalance + balance (contracts/v0.8/KeeperRegistry.sol#742)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop
INFO:Detectors:
Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#85-87) is never used and should be removed
Address.functionCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#95-101) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#114-120) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139) is never used and should be removed
Address.functionDelegateCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#174-176) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#184-193) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#147-149) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#201-221) is never used and should be removed
Context._msgData() (@openzeppelin/contracts/utils/Context.sol#21-23) is never used and should be removed
EnumerableSet._values(EnumerableSet.Set) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#142-144) is never used and should be removed
EnumerableSet.add(EnumerableSet.AddressSet,address) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#224-226) is never used and should be removed
EnumerableSet.add(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#158-160) is never used and should be removed
EnumerableSet.at(EnumerableSet.AddressSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#262-264) is never used and should be removed
EnumerableSet.at(EnumerableSet.Bytes32Set,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#196-198) is never used and should be removed
EnumerableSet.contains(EnumerableSet.AddressSet,address) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#241-243) is never used and should be removed
EnumerableSet.contains(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#175-177) is never used and should be removed
EnumerableSet.contains(EnumerableSet.UintSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#314-316) is never used and should be removed
EnumerableSet.length(EnumerableSet.AddressSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#248-250) is never used and should be removed
EnumerableSet.length(EnumerableSet.Bytes32Set) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#182-184) is never used and should be removed
EnumerableSet.remove(EnumerableSet.AddressSet,address) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#234-236) is never used and should be removed
EnumerableSet.remove(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#168-170) is never used and should be removed
EnumerableSet.values(EnumerableSet.AddressSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#274-283) is never used and should be removed
EnumerableSet.values(EnumerableSet.Bytes32Set) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#208-210) is never used and should be removed
EnumerableSet.values(EnumerableSet.UintSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#347-356) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#63)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#137)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#164)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#184-193):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#191)
Low level call in KeeperRegistry.checkUpkeep(uint256,address) (contracts/v0.8/KeeperRegistry.sol#226-252):
- (success,result) = upkeep.target.call{gas: s_storage.checkGasLimit}(callData) (contracts/v0.8/KeeperRegistry.sol#241)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable ConfirmedOwnerWithProposal.s_owner (contracts/v0.8/ConfirmedOwnerWithProposal.sol#11) is not in mixedCase
Variable ConfirmedOwnerWithProposal.s_pendingOwner (contracts/v0.8/ConfirmedOwnerWithProposal.sol#12) is not in mixedCase
Variable KeeperRegistry.s_keeperList (contracts/v0.8/KeeperRegistry.sol#48) is not in mixedCase
Variable KeeperRegistry.s_upkeepIDs (contracts/v0.8/KeeperRegistry.sol#49) is not in mixedCase
Variable KeeperRegistry.s_upkeep (contracts/v0.8/KeeperRegistry.sol#50) is not in mixedCase
Variable KeeperRegistry.s_keeperInfo (contracts/v0.8/KeeperRegistry.sol#51) is not in mixedCase
Variable KeeperRegistry.s_proposedPayee (contracts/v0.8/KeeperRegistry.sol#52) is not in mixedCase
Variable KeeperRegistry.s_checkData (contracts/v0.8/KeeperRegistry.sol#53) is not in mixedCase
Variable KeeperRegistry.s_peerRegistryMigrationPermission (contracts/v0.8/KeeperRegistry.sol#54) is not in mixedCase
Variable KeeperRegistry.s_storage (contracts/v0.8/KeeperRegistry.sol#55) is not in mixedCase
Variable KeeperRegistry.s_fallbackGasPrice (contracts/v0.8/KeeperRegistry.sol#56) is not in mixedCase
Variable KeeperRegistry.s_fallbackLinkPrice (contracts/v0.8/KeeperRegistry.sol#57) is not in mixedCase
Variable KeeperRegistry.s_ownerLinkBalance (contracts/v0.8/KeeperRegistry.sol#58) is not in mixedCase
Variable KeeperRegistry.s_expectedLinkBalance (contracts/v0.8/KeeperRegistry.sol#59) is not in mixedCase
Variable KeeperRegistry.s_transcoder (contracts/v0.8/KeeperRegistry.sol#60) is not in mixedCase
Variable KeeperRegistry.s_registrar (contracts/v0.8/KeeperRegistry.sol#61) is not in mixedCase
Variable KeeperRegistry.LINK (contracts/v0.8/KeeperRegistry.sol#63) is not in mixedCase
Variable KeeperRegistry.LINK_ETH_FEED (contracts/v0.8/KeeperRegistry.sol#64) is not in mixedCase
Variable KeeperRegistry.FAST_GAS_FEED (contracts/v0.8/KeeperRegistry.sol#65) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x02777053d6764996e594c3E88AF1D58D5363a2e6 analyzed (20 contracts with 79 detectors), 69 result(s) found
Slither report for EACAggregatorProxy at `0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C`
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:283:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:273:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:284:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:274:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:285:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:275:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:286:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:276:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:331:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:321:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:332:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:322:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:333:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:323:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:334:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:324:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:513:5: Warning: This declaration shadows an existing declaration.
uint16 phaseId = uint16(_roundId >> PHASE_OFFSET);
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:525:7: Warning: This declaration shadows an existing declaration.
uint16 phaseId
^------------^
crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:495:3: Warning: Function state mutability can be restricted to pure
function addPhase(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol:506:3: Warning: Function state mutability can be restricted to pure
function parseIds(
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
AggregatorProxy.latestRoundData().roundId_scope_0 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#331) is a local variable never initialized
AggregatorProxy.latestRoundData().updatedAt_scope_3 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#334) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).roundId_scope_0 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#283) is a local variable never initialized
AggregatorProxy.latestRoundData().answer_scope_1 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#332) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).startedAt_scope_2 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#285) is a local variable never initialized
AggregatorProxy.latestRoundData().startedAt_scope_2 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#333) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).answer_scope_1 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#284) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).updatedAt_scope_3 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#286) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
AggregatorProxy.getAnswer(uint256).phaseId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#189) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getAnswer(uint256).aggregator (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#190) shadows:
- AggregatorProxy.aggregator() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#399-405) (function)
AggregatorProxy.getTimestamp(uint256).phaseId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#214) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getTimestamp(uint256).aggregator (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#215) shadows:
- AggregatorProxy.aggregator() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#399-405) (function)
AggregatorProxy.getRoundData(uint80).phaseId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#280) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getRoundData(uint80).roundId_scope_0 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#283) shadows:
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#273) (return variable)
AggregatorProxy.getRoundData(uint80).answer_scope_1 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#284) shadows:
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#274) (return variable)
AggregatorProxy.getRoundData(uint80).startedAt_scope_2 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#285) shadows:
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#275) (return variable)
AggregatorProxy.getRoundData(uint80).updatedAt_scope_3 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#286) shadows:
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#276) (return variable)
AggregatorProxy.latestRoundData().roundId_scope_0 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#331) shadows:
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#321) (return variable)
AggregatorProxy.latestRoundData().answer_scope_1 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#332) shadows:
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#322) (return variable)
AggregatorProxy.latestRoundData().startedAt_scope_2 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#333) shadows:
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#323) (return variable)
AggregatorProxy.latestRoundData().updatedAt_scope_3 (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#334) shadows:
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#324) (return variable)
AggregatorProxy.parseIds(uint256).phaseId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#513) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.addPhaseIds(uint80,int256,uint256,uint256,uint80,uint16).phaseId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#525) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#410-416) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Owned.transferOwnership(address)._to (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#30) lacks a zero-check on :
- pendingOwner = _to (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#34)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Parameter Owned.transferOwnership(address)._to (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#30) is not in mixedCase
Parameter AggregatorProxy.getAnswer(uint256)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#180) is not in mixedCase
Parameter AggregatorProxy.getTimestamp(uint256)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#205) is not in mixedCase
Parameter AggregatorProxy.getRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#267) is not in mixedCase
Parameter AggregatorProxy.proposedGetRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#353) is not in mixedCase
Parameter AggregatorProxy.proposeAggregator(address)._aggregator (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#459) is not in mixedCase
Parameter AggregatorProxy.confirmAggregator(address)._aggregator (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#473) is not in mixedCase
Parameter AggregatorProxy.setAggregator(address)._aggregator (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#487) is not in mixedCase
Parameter AggregatorProxy.addPhase(uint16,uint64)._phase (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#496) is not in mixedCase
Parameter AggregatorProxy.addPhase(uint16,uint64)._originalId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#497) is not in mixedCase
Parameter AggregatorProxy.parseIds(uint256)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#507) is not in mixedCase
Parameter EACAggregatorProxy.setController(address)._accessController (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#582) is not in mixedCase
Parameter EACAggregatorProxy.getAnswer(uint256)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#638) is not in mixedCase
Parameter EACAggregatorProxy.getTimestamp(uint256)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#658) is not in mixedCase
Parameter EACAggregatorProxy.getRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#710) is not in mixedCase
Parameter EACAggregatorProxy.proposedGetRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C-EACAggregatorProxy.sol#776) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x169E633A2D1E6c10dD91238Ba11c4A708dfEF37C analyzed (7 contracts with 79 detectors), 40 result(s) found
Slither report for PoolAddressesProvider at `0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e`
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
Reentrancy in PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73):
External calls:
- oldImplementationAddress = _getProxyImplementation(id) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#70)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reentrancy in PoolAddressesProvider.setPoolConfiguratorImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#93-97):
External calls:
- oldPoolConfiguratorImpl = _getProxyImplementation(POOL_CONFIGURATOR) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#94)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reentrancy in PoolAddressesProvider.setPoolImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#81-85):
External calls:
- oldPoolImpl = _getProxyImplementation(POOL) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#82)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
PoolAddressesProvider.constructor(string,address).owner (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#36) shadows:
- Ownable.owner() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Ownable.sol#36-38) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182):
External calls:
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
Event emitted after the call(s):
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
Reentrancy in PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73):
External calls:
- oldImplementationAddress = _getProxyImplementation(id) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#70)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- AddressSetAsProxy(id,proxyAddress,oldImplementationAddress,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#72)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
Reentrancy in PoolAddressesProvider.setPoolConfiguratorImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#93-97):
External calls:
- oldPoolConfiguratorImpl = _getProxyImplementation(POOL_CONFIGURATOR) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#94)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- PoolConfiguratorUpdated(oldPoolConfiguratorImpl,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#96)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
Reentrancy in PoolAddressesProvider.setPoolImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#81-85):
External calls:
- oldPoolImpl = _getProxyImplementation(POOL) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#82)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- PoolUpdated(oldPoolImpl,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#84)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e analyzed (10 contracts with 79 detectors), 27 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x64b761D848206f447Fe2dd461b0c635Ec39EbB27` with implementation PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x64b761D848206f447Fe2dd461b0c635Ec39EbB27 analyzed (6 contracts with 79 detectors), 17 result(s) found
Slither report for AccessControlledOffchainAggregator at `0x785433d8b06D77D68dF6be63944742130A4530d1`
Warning: OffchainAggregator.sol:461:7: Warning: This declaration shadows an existing declaration.
int192 latestAnswer,
^-----------------^
OffchainAggregator.sol:653:3: The shadowed declaration is here:
function latestAnswer()
^ (Relevant source part starts here and spans across multiple lines).
Warning: OffchainAggregator.sol:462:7: Warning: This declaration shadows an existing declaration.
uint64 latestTimestamp
^--------------------^
OffchainAggregator.sol:666:3: The shadowed declaration is here:
function latestTimestamp()
^ (Relevant source part starts here and spans across multiple lines).
Warning: AccessControlledOffchainAggregator.sol:25:5: Warning: This declaration shadows an existing declaration.
string memory description
^-----------------------^
AccessControlledOffchainAggregator.sol:108:3: The shadowed declaration is here:
function description()
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623) passes array OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84)by reference to OffchainAggregatorBilling.oracleRewards(bytes,uint16[31]) (OffchainAggregatorBilling.sol#392-406)which only takes arrays by value
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#modifying-storage-array-by-value
INFO:Detectors:
Reentrancy in OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- s_gasReimbursementsLinkWei[oracle.index] = 1 (OffchainAggregatorBilling.sol#355)
OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- s_oracleObservationsCounts[oracle.index] = 1 (OffchainAggregatorBilling.sol#354)
OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
State variables written after the call(s):
- s_gasReimbursementsLinkWei = gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#389)
OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- s_oracleObservationsCounts = observationsCounts (OffchainAggregatorBilling.sol#388)
OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#213-228):
External calls:
- payOracles() (OffchainAggregatorBilling.sol#225)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
State variables written after the call(s):
- setBillingInternal(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#226-227)
- s_billing = Billing(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#198-199)
OffchainAggregatorBilling.s_billing (OffchainAggregatorBilling.sol#66) can be used in cross function reentrancies:
- OffchainAggregatorBilling.getBilling() (OffchainAggregatorBilling.sol#238-257)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#189-202)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- delete s_oracles[signer] (OffchainAggregator.sol#165)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- delete s_oracles[transmitter] (OffchainAggregator.sol#166)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_oracles[_signers[i]] = Oracle(uint8(i),Role.Signer) (OffchainAggregator.sol#176)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_oracles[_transmitters[i]] = Oracle(uint8(i),Role.Transmitter) (OffchainAggregator.sol#182)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_signers.pop() (OffchainAggregator.sol#167)
OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) can be used in cross function reentrancies:
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- s_signers.push(_signers[i]) (OffchainAggregator.sol#183)
OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) can be used in cross function reentrancies:
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- s_transmitters.pop() (OffchainAggregator.sol#168)
OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) can be used in cross function reentrancies:
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- OffchainAggregator.transmitters() (OffchainAggregator.sol#252-258)
- s_transmitters.push(_transmitters[i]) (OffchainAggregator.sol#184)
OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) can be used in cross function reentrancies:
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- OffchainAggregator.transmitters() (OffchainAggregator.sol#252-258)
Reentrancy in OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644):
External calls:
- validateAnswer(r.hotVars.latestAggregatorRoundId,median) (OffchainAggregator.sol#639)
- av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
State variables written after the call(s):
- s_hotVars = r.hotVars (OffchainAggregator.sol#641)
OffchainAggregator.s_hotVars (OffchainAggregator.sol#39) can be used in cross function reentrancies:
- OffchainAggregator.latestAnswer() (OffchainAggregator.sol#653-661)
- OffchainAggregator.latestConfigDetails() (OffchainAggregator.sol#235-245)
- OffchainAggregator.latestRound() (OffchainAggregator.sol#679-687)
- OffchainAggregator.latestRoundData() (OffchainAggregator.sol#791-817)
- OffchainAggregator.latestTimestamp() (OffchainAggregator.sol#666-674)
- OffchainAggregator.latestTransmissionDetails() (OffchainAggregator.sol#454-473)
- OffchainAggregator.requestNewRound() (OffchainAggregator.sol#385-398)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32).r (OffchainAggregator.sol#526) is a local variable never initialized
OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface).gas (OffchainAggregatorBilling.sol#163) is a local variable never initialized
OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface).counts (OffchainAggregatorBilling.sol#162) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
OffchainAggregator.validateAnswer(uint32,int256) (OffchainAggregator.sol#309-328) ignores return value by av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
AccessControlledOffchainAggregator.constructor(uint32,uint32,uint32,uint32,uint32,address,address,int192,int192,AccessControllerInterface,AccessControllerInterface,uint8,string).description (AccessControlledOffchainAggregator.sol#25) shadows:
- AccessControlledOffchainAggregator.description() (AccessControlledOffchainAggregator.sol#108-116) (function)
- OffchainAggregator.description() (OffchainAggregator.sol#740-748) (function)
- AggregatorV3Interface.description() (AggregatorV3Interface.sol#7) (function)
OffchainAggregator.latestTransmissionDetails().latestAnswer (OffchainAggregator.sol#461) shadows:
- OffchainAggregator.latestAnswer() (OffchainAggregator.sol#653-661) (function)
- AggregatorInterface.latestAnswer() (AggregatorInterface.sol#5) (function)
OffchainAggregator.latestTransmissionDetails().latestTimestamp (OffchainAggregator.sol#462) shadows:
- OffchainAggregator.latestTimestamp() (OffchainAggregator.sol#666-674) (function)
- AggregatorInterface.latestTimestamp() (AggregatorInterface.sol#6) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Owned.transferOwnership(address)._to (Owned.sol#30) lacks a zero-check on :
- pendingOwner = _to (Owned.sol#34)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358) has external calls inside a loop: require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- s_configCount += 1 (OffchainAggregator.sol#189)
- s_hotVars.threshold = _threshold (OffchainAggregator.sol#186)
- s_hotVars.latestConfigDigest = configDigestFromConfigData(address(this),configCount,_signers,_transmitters,_threshold,_encodedConfigVersion,_encoded) (OffchainAggregator.sol#192-200)
- s_hotVars.latestEpochAndRound = 0 (OffchainAggregator.sol#201)
- s_latestConfigBlockNumber = uint32(block.number) (OffchainAggregator.sol#188)
Reentrancy in OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644):
External calls:
- validateAnswer(r.hotVars.latestAggregatorRoundId,median) (OffchainAggregator.sol#639)
- av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
State variables written after the call(s):
- reimburseAndRewardOracles(uint32(initialGas),r.observers) (OffchainAggregator.sol#643)
- s_gasReimbursementsLinkWei[txOracle.index] = s_gasReimbursementsLinkWei[txOracle.index] + gasCostLinkWei + uint256(billing.linkGweiPerTransmission) * (1000000000) (OffchainAggregatorBilling.sol#615-617)
- reimburseAndRewardOracles(uint32(initialGas),r.observers) (OffchainAggregator.sol#643)
- s_oracleObservationsCounts = oracleRewards(observers,s_oracleObservationsCounts) (OffchainAggregatorBilling.sol#580-581)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
INFO:Detectors:
Reentrancy in OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Event emitted after the call(s):
- OraclePaid(_transmitter,payee,linkWeiAmount) (OffchainAggregatorBilling.sol#356)
Reentrancy in OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
Event emitted after the call(s):
- OraclePaid(transmitters[transmitteridx],payee,linkWeiAmount) (OffchainAggregatorBilling.sol#384)
Reentrancy in OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#213-228):
External calls:
- payOracles() (OffchainAggregatorBilling.sol#225)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
Event emitted after the call(s):
- BillingSet(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#200-201)
- setBillingInternal(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#226-227)
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Event emitted after the call(s):
- ConfigSet(previousConfigBlockNumber,configCount,_signers,_transmitters,_threshold,_encodedConfigVersion,_encoded) (OffchainAggregator.sol#203-211)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- delete s_oracles[signer] (OffchainAggregator.sol#165)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- delete s_oracles[transmitter] (OffchainAggregator.sol#166)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- s_signers.pop() (OffchainAggregator.sol#167)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- s_transmitters.pop() (OffchainAggregator.sol#168)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop
INFO:Detectors:
OffchainAggregator.decodeReport(bytes) (OffchainAggregator.sol#423-434) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Parameter AccessControlledOffchainAggregator.getAnswer(uint256)._roundId (AccessControlledOffchainAggregator.sol#82) is not in mixedCase
Parameter AccessControlledOffchainAggregator.getTimestamp(uint256)._roundId (AccessControlledOffchainAggregator.sol#93) is not in mixedCase
Parameter AccessControlledOffchainAggregator.getRoundData(uint80)._roundId (AccessControlledOffchainAggregator.sol#119) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._signers (OffchainAggregator.sol#150) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._transmitters (OffchainAggregator.sol#151) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._threshold (OffchainAggregator.sol#152) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._encodedConfigVersion (OffchainAggregator.sol#153) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._encoded (OffchainAggregator.sol#154) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._contractAddress (OffchainAggregator.sol#215) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._configCount (OffchainAggregator.sol#216) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._signers (OffchainAggregator.sol#217) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._transmitters (OffchainAggregator.sol#218) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._threshold (OffchainAggregator.sol#219) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._encodedConfigVersion (OffchainAggregator.sol#220) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._encodedConfig (OffchainAggregator.sol#221) is not in mixedCase
Parameter OffchainAggregator.setValidator(address)._newValidator (OffchainAggregator.sol#296) is not in mixedCase
Parameter OffchainAggregator.validateAnswer(uint32,int256)._aggregatorRoundId (OffchainAggregator.sol#310) is not in mixedCase
Parameter OffchainAggregator.validateAnswer(uint32,int256)._answer (OffchainAggregator.sol#311) is not in mixedCase
Parameter OffchainAggregator.setRequesterAccessController(AccessControllerInterface)._requesterAccessController (OffchainAggregator.sol#368) is not in mixedCase
Parameter OffchainAggregator.decodeReport(bytes)._report (OffchainAggregator.sol#423) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._report (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._rs (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._ss (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._report (OffchainAggregator.sol#511) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._rs (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._ss (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._rawVs (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.getAnswer(uint256)._roundId (OffchainAggregator.sol#693) is not in mixedCase
Parameter OffchainAggregator.getTimestamp(uint256)._roundId (OffchainAggregator.sol#708) is not in mixedCase
Parameter OffchainAggregator.getRoundData(uint80)._roundId (OffchainAggregator.sol#759) is not in mixedCase
Constant OffchainAggregator.maxUint32 (OffchainAggregator.sol#19) is not in UPPER_CASE_WITH_UNDERSCORES
Variable OffchainAggregator.s_hotVars (OffchainAggregator.sol#39) is not in mixedCase
Variable OffchainAggregator.s_transmissions (OffchainAggregator.sol#47) is not in mixedCase
Variable OffchainAggregator.s_configCount (OffchainAggregator.sol#51) is not in mixedCase
Variable OffchainAggregator.s_latestConfigBlockNumber (OffchainAggregator.sol#52) is not in mixedCase
Variable OffchainAggregator.s_validator (OffchainAggregator.sol#268) is not in mixedCase
Variable OffchainAggregator.s_requesterAccessController (OffchainAggregator.sol#334) is not in mixedCase
Variable OffchainAggregator.s_description (OffchainAggregator.sol#735) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._maximumGasPrice (OffchainAggregatorBilling.sol#190) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._reasonableGasPrice (OffchainAggregatorBilling.sol#191) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._microLinkPerEth (OffchainAggregatorBilling.sol#192) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._linkGweiPerObservation (OffchainAggregatorBilling.sol#193) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._linkGweiPerTransmission (OffchainAggregatorBilling.sol#194) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._maximumGasPrice (OffchainAggregatorBilling.sol#214) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._reasonableGasPrice (OffchainAggregatorBilling.sol#215) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._microLinkPerEth (OffchainAggregatorBilling.sol#216) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._linkGweiPerObservation (OffchainAggregatorBilling.sol#217) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._linkGweiPerTransmission (OffchainAggregatorBilling.sol#218) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingAccessControllerInternal(AccessControllerInterface)._billingAccessController (OffchainAggregatorBilling.sol#266) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingAccessController(AccessControllerInterface)._billingAccessController (OffchainAggregatorBilling.sol#284) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is not in mixedCase
Parameter OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is not in mixedCase
Parameter OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawFunds(address,uint256)._recipient (OffchainAggregatorBilling.sol#496) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawFunds(address,uint256)._amount (OffchainAggregatorBilling.sol#496) is not in mixedCase
Parameter OffchainAggregatorBilling.oracleObservationCount(address)._signerOrTransmitter (OffchainAggregatorBilling.sol#559) is not in mixedCase
Parameter OffchainAggregatorBilling.setPayees(address[],address[])._transmitters (OffchainAggregatorBilling.sol#660) is not in mixedCase
Parameter OffchainAggregatorBilling.setPayees(address[],address[])._payees (OffchainAggregatorBilling.sol#661) is not in mixedCase
Parameter OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is not in mixedCase
Parameter OffchainAggregatorBilling.transferPayeeship(address,address)._proposed (OffchainAggregatorBilling.sol#690) is not in mixedCase
Parameter OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is not in mixedCase
Parameter OffchainAggregatorBilling.saturatingAddUint16(uint16,uint16)._x (OffchainAggregatorBilling.sol#728) is not in mixedCase
Parameter OffchainAggregatorBilling.saturatingAddUint16(uint16,uint16)._y (OffchainAggregatorBilling.sol#728) is not in mixedCase
Constant OffchainAggregatorBilling.maxNumOracles (OffchainAggregatorBilling.sol#45) is not in UPPER_CASE_WITH_UNDERSCORES
Variable OffchainAggregatorBilling.s_billing (OffchainAggregatorBilling.sol#66) is not in mixedCase
Variable OffchainAggregatorBilling.LINK (OffchainAggregatorBilling.sol#71) is not in mixedCase
Variable OffchainAggregatorBilling.s_billingAccessController (OffchainAggregatorBilling.sol#73) is not in mixedCase
Variable OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) is not in mixedCase
Variable OffchainAggregatorBilling.s_payees (OffchainAggregatorBilling.sol#87-89) is not in mixedCase
Variable OffchainAggregatorBilling.s_proposedPayees (OffchainAggregatorBilling.sol#92-94) is not in mixedCase
Variable OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) is not in mixedCase
Variable OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) is not in mixedCase
Variable OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) is not in mixedCase
Variable OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) is not in mixedCase
Constant OffchainAggregatorBilling.maxUint16 (OffchainAggregatorBilling.sol#145) is not in UPPER_CASE_WITH_UNDERSCORES
Constant OffchainAggregatorBilling.maxUint128 (OffchainAggregatorBilling.sol#146) is not in UPPER_CASE_WITH_UNDERSCORES
Constant OffchainAggregatorBilling.accountingGasCost (OffchainAggregatorBilling.sol#435) is not in UPPER_CASE_WITH_UNDERSCORES
Parameter Owned.transferOwnership(address)._to (Owned.sol#30) is not in mixedCase
Parameter SimpleReadAccessController.hasAccess(address,bytes)._user (SimpleReadAccessController.sol#24) is not in mixedCase
Parameter SimpleReadAccessController.hasAccess(address,bytes)._calldata (SimpleReadAccessController.sol#25) is not in mixedCase
Parameter SimpleWriteAccessController.hasAccess(address,bytes)._user (SimpleWriteAccessController.sol#34) is not in mixedCase
Parameter SimpleWriteAccessController.addAccess(address)._user (SimpleWriteAccessController.sol#50) is not in mixedCase
Parameter SimpleWriteAccessController.addAccessInternal(address)._user (SimpleWriteAccessController.sol#54) is not in mixedCase
Parameter SimpleWriteAccessController.removeAccess(address)._user (SimpleWriteAccessController.sol#65) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Variable OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
INFO:Slither:0x785433d8b06D77D68dF6be63944742130A4530d1 analyzed (12 contracts with 79 detectors), 120 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
ERC20._balances (contracts/open-zeppelin/ERC20.sol#38) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20._transfer(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#209-218)
- ERC20.balanceOf(address) (contracts/open-zeppelin/ERC20.sol#105-107)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) can be used in cross function reentrancies:
- AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
AaveToken._snapshots (contracts/token/AaveToken.sol#36) can be used in cross function reentrancies:
- AaveToken._snapshots (contracts/token/AaveToken.sol#36)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
ERC20._totalSupply (contracts/open-zeppelin/ERC20.sol#42) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 79 detectors), 57 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xfCc00A1e250644d89AF0df661bC6f04891E21585`
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2 analyzed (6 contracts with 79 detectors), 17 result(s) found
Slither report for EthRobotKeeper at `0x943AcD0c93d7a8Bee7dA5Fd0DC3d0028237074d6`
Traceback (most recent call last):
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 837, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 90, in process_all
compilations = compile_all(target, **vars(args))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 643, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 131, in __init__
self._compile(**kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 553, in _compile
self._platform.compile(self, **kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 362, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 66, in standalone_compile
targets_json = run_solc_standard_json(
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 181, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:4:1:
|
4 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "solidity-utils/contracts/oz-common/Ownable.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:7:1:
|
7 | import {Ownable} from 'solidity-utils/contracts/oz-common/Ownable.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IGovernanceRobotKeeper.sol:4:1:
|
4 | import {AutomationCompatibleInterface} from 'chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IProposalValidator.sol:5:1:
|
5 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ERROR:root:Error in 0x943AcD0c93d7a8Bee7dA5Fd0DC3d0028237074d6
ERROR:root:Traceback (most recent call last):
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 837, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 90, in process_all
compilations = compile_all(target, **vars(args))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 643, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 131, in __init__
self._compile(**kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 553, in _compile
self._platform.compile(self, **kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 362, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 66, in standalone_compile
targets_json = run_solc_standard_json(
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 181, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:4:1:
|
4 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "solidity-utils/contracts/oz-common/Ownable.sol" not found: File not found. Searched the following locations: "".
--> src/contracts/EthRobotKeeper.sol:7:1:
|
7 | import {Ownable} from 'solidity-utils/contracts/oz-common/Ownable.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IGovernanceRobotKeeper.sol:4:1:
|
4 | import {AutomationCompatibleInterface} from 'chainlink-brownie-contracts/interfaces/AutomationCompatibleInterface.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "aave-address-book/AaveGovernanceV2.sol" not found: File not found. Searched the following locations: "".
--> src/interfaces/IProposalValidator.sol:5:1:
|
5 | import {IAaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol';
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
INFO:Detectors:
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 79 detectors), 4 result(s) found
Slither report for AccessControlledOffchainAggregator at `0xbba12740DE905707251525477bAD74985DeC46D2`
Warning: OffchainAggregator.sol:461:7: Warning: This declaration shadows an existing declaration.
int192 latestAnswer,
^-----------------^
OffchainAggregator.sol:653:3: The shadowed declaration is here:
function latestAnswer()
^ (Relevant source part starts here and spans across multiple lines).
Warning: OffchainAggregator.sol:462:7: Warning: This declaration shadows an existing declaration.
uint64 latestTimestamp
^--------------------^
OffchainAggregator.sol:666:3: The shadowed declaration is here:
function latestTimestamp()
^ (Relevant source part starts here and spans across multiple lines).
Warning: AccessControlledOffchainAggregator.sol:25:5: Warning: This declaration shadows an existing declaration.
string memory description
^-----------------------^
AccessControlledOffchainAggregator.sol:108:3: The shadowed declaration is here:
function description()
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623) passes array OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84)by reference to OffchainAggregatorBilling.oracleRewards(bytes,uint16[31]) (OffchainAggregatorBilling.sol#392-406)which only takes arrays by value
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#modifying-storage-array-by-value
INFO:Detectors:
Reentrancy in OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- s_gasReimbursementsLinkWei[oracle.index] = 1 (OffchainAggregatorBilling.sol#355)
OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- s_oracleObservationsCounts[oracle.index] = 1 (OffchainAggregatorBilling.sol#354)
OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
State variables written after the call(s):
- s_gasReimbursementsLinkWei = gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#389)
OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- s_oracleObservationsCounts = observationsCounts (OffchainAggregatorBilling.sol#388)
OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) can be used in cross function reentrancies:
- OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface) (OffchainAggregatorBilling.sol#148-171)
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#213-228):
External calls:
- payOracles() (OffchainAggregatorBilling.sol#225)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
State variables written after the call(s):
- setBillingInternal(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#226-227)
- s_billing = Billing(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#198-199)
OffchainAggregatorBilling.s_billing (OffchainAggregatorBilling.sol#66) can be used in cross function reentrancies:
- OffchainAggregatorBilling.getBilling() (OffchainAggregatorBilling.sol#238-257)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#189-202)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- delete s_oracles[signer] (OffchainAggregator.sol#165)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- delete s_oracles[transmitter] (OffchainAggregator.sol#166)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_oracles[_signers[i]] = Oracle(uint8(i),Role.Signer) (OffchainAggregator.sol#176)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_oracles[_transmitters[i]] = Oracle(uint8(i),Role.Transmitter) (OffchainAggregator.sol#182)
OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) can be used in cross function reentrancies:
- OffchainAggregatorBilling.oracleObservationCount(address) (OffchainAggregatorBilling.sol#559-567)
- OffchainAggregatorBilling.owedPayment(address) (OffchainAggregatorBilling.sol#319-333)
- OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358)
- OffchainAggregatorBilling.reimburseAndRewardOracles(uint32,bytes) (OffchainAggregatorBilling.sol#570-623)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- s_signers.pop() (OffchainAggregator.sol#167)
OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) can be used in cross function reentrancies:
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- s_signers.push(_signers[i]) (OffchainAggregator.sol#183)
OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) can be used in cross function reentrancies:
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- s_transmitters.pop() (OffchainAggregator.sol#168)
OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) can be used in cross function reentrancies:
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- OffchainAggregator.transmitters() (OffchainAggregator.sol#252-258)
- s_transmitters.push(_transmitters[i]) (OffchainAggregator.sol#184)
OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) can be used in cross function reentrancies:
- OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregatorBilling.totalLINKDue() (OffchainAggregatorBilling.sol#508-535)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
- OffchainAggregator.transmitters() (OffchainAggregator.sol#252-258)
Reentrancy in OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644):
External calls:
- validateAnswer(r.hotVars.latestAggregatorRoundId,median) (OffchainAggregator.sol#639)
- av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
State variables written after the call(s):
- s_hotVars = r.hotVars (OffchainAggregator.sol#641)
OffchainAggregator.s_hotVars (OffchainAggregator.sol#39) can be used in cross function reentrancies:
- OffchainAggregator.latestAnswer() (OffchainAggregator.sol#653-661)
- OffchainAggregator.latestConfigDetails() (OffchainAggregator.sol#235-245)
- OffchainAggregator.latestRound() (OffchainAggregator.sol#679-687)
- OffchainAggregator.latestRoundData() (OffchainAggregator.sol#791-817)
- OffchainAggregator.latestTimestamp() (OffchainAggregator.sol#666-674)
- OffchainAggregator.latestTransmissionDetails() (OffchainAggregator.sol#454-473)
- OffchainAggregator.requestNewRound() (OffchainAggregator.sol#385-398)
- OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212)
- OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32).r (OffchainAggregator.sol#526) is a local variable never initialized
OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface).gas (OffchainAggregatorBilling.sol#163) is a local variable never initialized
OffchainAggregatorBilling.constructor(uint32,uint32,uint32,uint32,uint32,address,AccessControllerInterface).counts (OffchainAggregatorBilling.sol#162) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
OffchainAggregator.validateAnswer(uint32,int256) (OffchainAggregator.sol#309-328) ignores return value by av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
AccessControlledOffchainAggregator.constructor(uint32,uint32,uint32,uint32,uint32,address,address,int192,int192,AccessControllerInterface,AccessControllerInterface,uint8,string).description (AccessControlledOffchainAggregator.sol#25) shadows:
- AccessControlledOffchainAggregator.description() (AccessControlledOffchainAggregator.sol#108-116) (function)
- OffchainAggregator.description() (OffchainAggregator.sol#740-748) (function)
- AggregatorV3Interface.description() (AggregatorV3Interface.sol#7) (function)
OffchainAggregator.latestTransmissionDetails().latestAnswer (OffchainAggregator.sol#461) shadows:
- OffchainAggregator.latestAnswer() (OffchainAggregator.sol#653-661) (function)
- AggregatorInterface.latestAnswer() (AggregatorInterface.sol#5) (function)
OffchainAggregator.latestTransmissionDetails().latestTimestamp (OffchainAggregator.sol#462) shadows:
- OffchainAggregator.latestTimestamp() (OffchainAggregator.sol#666-674) (function)
- AggregatorInterface.latestTimestamp() (AggregatorInterface.sol#6) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Owned.transferOwnership(address)._to (Owned.sol#30) lacks a zero-check on :
- pendingOwner = _to (Owned.sol#34)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358) has external calls inside a loop: require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
State variables written after the call(s):
- s_configCount += 1 (OffchainAggregator.sol#189)
- s_hotVars.threshold = _threshold (OffchainAggregator.sol#186)
- s_hotVars.latestConfigDigest = configDigestFromConfigData(address(this),configCount,_signers,_transmitters,_threshold,_encodedConfigVersion,_encoded) (OffchainAggregator.sol#192-200)
- s_hotVars.latestEpochAndRound = 0 (OffchainAggregator.sol#201)
- s_latestConfigBlockNumber = uint32(block.number) (OffchainAggregator.sol#188)
Reentrancy in OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32) (OffchainAggregator.sol#508-644):
External calls:
- validateAnswer(r.hotVars.latestAggregatorRoundId,median) (OffchainAggregator.sol#639)
- av.validate{gas: VALIDATOR_GAS_LIMIT}(prevAggregatorRoundId,prevAggregatorRoundAnswer,_aggregatorRoundId,_answer) (OffchainAggregator.sol#322-327)
State variables written after the call(s):
- reimburseAndRewardOracles(uint32(initialGas),r.observers) (OffchainAggregator.sol#643)
- s_gasReimbursementsLinkWei[txOracle.index] = s_gasReimbursementsLinkWei[txOracle.index] + gasCostLinkWei + uint256(billing.linkGweiPerTransmission) * (1000000000) (OffchainAggregatorBilling.sol#615-617)
- reimburseAndRewardOracles(uint32(initialGas),r.observers) (OffchainAggregator.sol#643)
- s_oracleObservationsCounts = oracleRewards(observers,s_oracleObservationsCounts) (OffchainAggregatorBilling.sol#580-581)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
INFO:Detectors:
Reentrancy in OffchainAggregatorBilling.payOracle(address) (OffchainAggregatorBilling.sol#344-358):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Event emitted after the call(s):
- OraclePaid(_transmitter,payee,linkWeiAmount) (OffchainAggregatorBilling.sol#356)
Reentrancy in OffchainAggregatorBilling.payOracles() (OffchainAggregatorBilling.sol#364-390):
External calls:
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
Event emitted after the call(s):
- OraclePaid(transmitters[transmitteridx],payee,linkWeiAmount) (OffchainAggregatorBilling.sol#384)
Reentrancy in OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32) (OffchainAggregatorBilling.sol#213-228):
External calls:
- payOracles() (OffchainAggregatorBilling.sol#225)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#381)
Event emitted after the call(s):
- BillingSet(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#200-201)
- setBillingInternal(_maximumGasPrice,_reasonableGasPrice,_microLinkPerEth,_linkGweiPerObservation,_linkGweiPerTransmission) (OffchainAggregatorBilling.sol#226-227)
Reentrancy in OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212):
External calls:
- payOracle(transmitter) (OffchainAggregator.sol#164)
- require(bool,string)(LINK.transfer(payee,linkWeiAmount),insufficient funds) (OffchainAggregatorBilling.sol#353)
Event emitted after the call(s):
- ConfigSet(previousConfigBlockNumber,configCount,_signers,_transmitters,_threshold,_encodedConfigVersion,_encoded) (OffchainAggregator.sol#203-211)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- delete s_oracles[signer] (OffchainAggregator.sol#165)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- delete s_oracles[transmitter] (OffchainAggregator.sol#166)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- s_signers.pop() (OffchainAggregator.sol#167)
OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes) (OffchainAggregator.sol#149-212) has costly operations inside a loop:
- s_transmitters.pop() (OffchainAggregator.sol#168)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop
INFO:Detectors:
OffchainAggregator.decodeReport(bytes) (OffchainAggregator.sol#423-434) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Parameter AccessControlledOffchainAggregator.getAnswer(uint256)._roundId (AccessControlledOffchainAggregator.sol#82) is not in mixedCase
Parameter AccessControlledOffchainAggregator.getTimestamp(uint256)._roundId (AccessControlledOffchainAggregator.sol#93) is not in mixedCase
Parameter AccessControlledOffchainAggregator.getRoundData(uint80)._roundId (AccessControlledOffchainAggregator.sol#119) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._signers (OffchainAggregator.sol#150) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._transmitters (OffchainAggregator.sol#151) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._threshold (OffchainAggregator.sol#152) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._encodedConfigVersion (OffchainAggregator.sol#153) is not in mixedCase
Parameter OffchainAggregator.setConfig(address[],address[],uint8,uint64,bytes)._encoded (OffchainAggregator.sol#154) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._contractAddress (OffchainAggregator.sol#215) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._configCount (OffchainAggregator.sol#216) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._signers (OffchainAggregator.sol#217) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._transmitters (OffchainAggregator.sol#218) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._threshold (OffchainAggregator.sol#219) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._encodedConfigVersion (OffchainAggregator.sol#220) is not in mixedCase
Parameter OffchainAggregator.configDigestFromConfigData(address,uint64,address[],address[],uint8,uint64,bytes)._encodedConfig (OffchainAggregator.sol#221) is not in mixedCase
Parameter OffchainAggregator.setValidator(address)._newValidator (OffchainAggregator.sol#296) is not in mixedCase
Parameter OffchainAggregator.validateAnswer(uint32,int256)._aggregatorRoundId (OffchainAggregator.sol#310) is not in mixedCase
Parameter OffchainAggregator.validateAnswer(uint32,int256)._answer (OffchainAggregator.sol#311) is not in mixedCase
Parameter OffchainAggregator.setRequesterAccessController(AccessControllerInterface)._requesterAccessController (OffchainAggregator.sol#368) is not in mixedCase
Parameter OffchainAggregator.decodeReport(bytes)._report (OffchainAggregator.sol#423) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._report (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._rs (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.expectedMsgDataLength(bytes,bytes32[],bytes32[])._ss (OffchainAggregator.sol#490) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._report (OffchainAggregator.sol#511) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._rs (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._ss (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.transmit(bytes,bytes32[],bytes32[],bytes32)._rawVs (OffchainAggregator.sol#512) is not in mixedCase
Parameter OffchainAggregator.getAnswer(uint256)._roundId (OffchainAggregator.sol#693) is not in mixedCase
Parameter OffchainAggregator.getTimestamp(uint256)._roundId (OffchainAggregator.sol#708) is not in mixedCase
Parameter OffchainAggregator.getRoundData(uint80)._roundId (OffchainAggregator.sol#759) is not in mixedCase
Constant OffchainAggregator.maxUint32 (OffchainAggregator.sol#19) is not in UPPER_CASE_WITH_UNDERSCORES
Variable OffchainAggregator.s_hotVars (OffchainAggregator.sol#39) is not in mixedCase
Variable OffchainAggregator.s_transmissions (OffchainAggregator.sol#47) is not in mixedCase
Variable OffchainAggregator.s_configCount (OffchainAggregator.sol#51) is not in mixedCase
Variable OffchainAggregator.s_latestConfigBlockNumber (OffchainAggregator.sol#52) is not in mixedCase
Variable OffchainAggregator.s_validator (OffchainAggregator.sol#268) is not in mixedCase
Variable OffchainAggregator.s_requesterAccessController (OffchainAggregator.sol#334) is not in mixedCase
Variable OffchainAggregator.s_description (OffchainAggregator.sol#735) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._maximumGasPrice (OffchainAggregatorBilling.sol#190) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._reasonableGasPrice (OffchainAggregatorBilling.sol#191) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._microLinkPerEth (OffchainAggregatorBilling.sol#192) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._linkGweiPerObservation (OffchainAggregatorBilling.sol#193) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingInternal(uint32,uint32,uint32,uint32,uint32)._linkGweiPerTransmission (OffchainAggregatorBilling.sol#194) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._maximumGasPrice (OffchainAggregatorBilling.sol#214) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._reasonableGasPrice (OffchainAggregatorBilling.sol#215) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._microLinkPerEth (OffchainAggregatorBilling.sol#216) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._linkGweiPerObservation (OffchainAggregatorBilling.sol#217) is not in mixedCase
Parameter OffchainAggregatorBilling.setBilling(uint32,uint32,uint32,uint32,uint32)._linkGweiPerTransmission (OffchainAggregatorBilling.sol#218) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingAccessControllerInternal(AccessControllerInterface)._billingAccessController (OffchainAggregatorBilling.sol#266) is not in mixedCase
Parameter OffchainAggregatorBilling.setBillingAccessController(AccessControllerInterface)._billingAccessController (OffchainAggregatorBilling.sol#284) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is not in mixedCase
Parameter OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is not in mixedCase
Parameter OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawFunds(address,uint256)._recipient (OffchainAggregatorBilling.sol#496) is not in mixedCase
Parameter OffchainAggregatorBilling.withdrawFunds(address,uint256)._amount (OffchainAggregatorBilling.sol#496) is not in mixedCase
Parameter OffchainAggregatorBilling.oracleObservationCount(address)._signerOrTransmitter (OffchainAggregatorBilling.sol#559) is not in mixedCase
Parameter OffchainAggregatorBilling.setPayees(address[],address[])._transmitters (OffchainAggregatorBilling.sol#660) is not in mixedCase
Parameter OffchainAggregatorBilling.setPayees(address[],address[])._payees (OffchainAggregatorBilling.sol#661) is not in mixedCase
Parameter OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is not in mixedCase
Parameter OffchainAggregatorBilling.transferPayeeship(address,address)._proposed (OffchainAggregatorBilling.sol#690) is not in mixedCase
Parameter OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is not in mixedCase
Parameter OffchainAggregatorBilling.saturatingAddUint16(uint16,uint16)._x (OffchainAggregatorBilling.sol#728) is not in mixedCase
Parameter OffchainAggregatorBilling.saturatingAddUint16(uint16,uint16)._y (OffchainAggregatorBilling.sol#728) is not in mixedCase
Constant OffchainAggregatorBilling.maxNumOracles (OffchainAggregatorBilling.sol#45) is not in UPPER_CASE_WITH_UNDERSCORES
Variable OffchainAggregatorBilling.s_billing (OffchainAggregatorBilling.sol#66) is not in mixedCase
Variable OffchainAggregatorBilling.LINK (OffchainAggregatorBilling.sol#71) is not in mixedCase
Variable OffchainAggregatorBilling.s_billingAccessController (OffchainAggregatorBilling.sol#73) is not in mixedCase
Variable OffchainAggregatorBilling.s_oracleObservationsCounts (OffchainAggregatorBilling.sol#84) is not in mixedCase
Variable OffchainAggregatorBilling.s_payees (OffchainAggregatorBilling.sol#87-89) is not in mixedCase
Variable OffchainAggregatorBilling.s_proposedPayees (OffchainAggregatorBilling.sol#92-94) is not in mixedCase
Variable OffchainAggregatorBilling.s_gasReimbursementsLinkWei (OffchainAggregatorBilling.sol#114) is not in mixedCase
Variable OffchainAggregatorBilling.s_oracles (OffchainAggregatorBilling.sol#135-136) is not in mixedCase
Variable OffchainAggregatorBilling.s_signers (OffchainAggregatorBilling.sol#139) is not in mixedCase
Variable OffchainAggregatorBilling.s_transmitters (OffchainAggregatorBilling.sol#143) is not in mixedCase
Constant OffchainAggregatorBilling.maxUint16 (OffchainAggregatorBilling.sol#145) is not in UPPER_CASE_WITH_UNDERSCORES
Constant OffchainAggregatorBilling.maxUint128 (OffchainAggregatorBilling.sol#146) is not in UPPER_CASE_WITH_UNDERSCORES
Constant OffchainAggregatorBilling.accountingGasCost (OffchainAggregatorBilling.sol#435) is not in UPPER_CASE_WITH_UNDERSCORES
Parameter Owned.transferOwnership(address)._to (Owned.sol#30) is not in mixedCase
Parameter SimpleReadAccessController.hasAccess(address,bytes)._user (SimpleReadAccessController.sol#24) is not in mixedCase
Parameter SimpleReadAccessController.hasAccess(address,bytes)._calldata (SimpleReadAccessController.sol#25) is not in mixedCase
Parameter SimpleWriteAccessController.hasAccess(address,bytes)._user (SimpleWriteAccessController.sol#34) is not in mixedCase
Parameter SimpleWriteAccessController.addAccess(address)._user (SimpleWriteAccessController.sol#50) is not in mixedCase
Parameter SimpleWriteAccessController.addAccessInternal(address)._user (SimpleWriteAccessController.sol#54) is not in mixedCase
Parameter SimpleWriteAccessController.removeAccess(address)._user (SimpleWriteAccessController.sol#65) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Variable OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.withdrawPayment(address)._transmitter (OffchainAggregatorBilling.sol#308) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.acceptPayeeship(address)._transmitter (OffchainAggregatorBilling.sol#711) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Variable OffchainAggregatorBilling.payOracle(address)._transmitter (OffchainAggregatorBilling.sol#344) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.transferPayeeship(address,address)._transmitter (OffchainAggregatorBilling.sol#689) is too similar to OffchainAggregatorBilling.payOracles().transmitters (OffchainAggregatorBilling.sol#371)
Variable OffchainAggregatorBilling.owedPayment(address)._transmitter (OffchainAggregatorBilling.sol#319) is too similar to OffchainAggregatorBilling.totalLINKDue().transmitters (OffchainAggregatorBilling.sol#529)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
INFO:Slither:0xbba12740DE905707251525477bAD74985DeC46D2 analyzed (12 contracts with 79 detectors), 120 result(s) found
Slither report for ACLManager at `0xc2aaCf6553D20d1e9d78E365AAba8032af9c85b0`
INFO:Detectors:
Context._msgData() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Strings.toHexString(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Strings.sol#39-50) is never used and should be removed
Strings.toString(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Strings.sol#14-34) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Variable ACLManager.ADDRESSES_PROVIDER (@aave/core-v3/contracts/protocol/configuration/ACLManager.sol#22) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0xc2aaCf6553D20d1e9d78E365AAba8032af9c85b0 analyzed (10 contracts with 79 detectors), 12 result(s) found
Slither report for EACAggregatorProxy at `0xDC530D9457755926550b59e8ECcdaE7624181557`
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:283:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:273:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:284:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:274:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:285:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:275:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:286:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:276:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:331:7: Warning: This declaration shadows an existing declaration.
uint80 roundId,
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:321:7: The shadowed declaration is here:
uint80 roundId,
^------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:332:7: Warning: This declaration shadows an existing declaration.
int256 answer,
^-----------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:322:7: The shadowed declaration is here:
int256 answer,
^-----------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:333:7: Warning: This declaration shadows an existing declaration.
uint256 startedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:323:7: The shadowed declaration is here:
uint256 startedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:334:7: Warning: This declaration shadows an existing declaration.
uint256 updatedAt,
^---------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:324:7: The shadowed declaration is here:
uint256 updatedAt,
^---------------^
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:513:5: Warning: This declaration shadows an existing declaration.
uint16 phaseId = uint16(_roundId >> PHASE_OFFSET);
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:525:7: Warning: This declaration shadows an existing declaration.
uint16 phaseId
^------------^
crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:410:3: The shadowed declaration is here:
function phaseId()
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:495:3: Warning: Function state mutability can be restricted to pure
function addPhase(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol:506:3: Warning: Function state mutability can be restricted to pure
function parseIds(
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
AggregatorProxy.latestRoundData().updatedAt_scope_3 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#334) is a local variable never initialized
AggregatorProxy.latestRoundData().answer_scope_1 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#332) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).startedAt_scope_2 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#285) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).roundId_scope_0 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#283) is a local variable never initialized
AggregatorProxy.latestRoundData().startedAt_scope_2 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#333) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).updatedAt_scope_3 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#286) is a local variable never initialized
AggregatorProxy.latestRoundData().roundId_scope_0 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#331) is a local variable never initialized
AggregatorProxy.getRoundData(uint80).answer_scope_1 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#284) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
AggregatorProxy.getAnswer(uint256).phaseId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#189) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getAnswer(uint256).aggregator (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#190) shadows:
- AggregatorProxy.aggregator() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#399-405) (function)
AggregatorProxy.getTimestamp(uint256).phaseId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#214) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getTimestamp(uint256).aggregator (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#215) shadows:
- AggregatorProxy.aggregator() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#399-405) (function)
AggregatorProxy.getRoundData(uint80).phaseId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#280) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.getRoundData(uint80).roundId_scope_0 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#283) shadows:
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#273) (return variable)
- AggregatorProxy.getRoundData(uint80).roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#273) (return variable)
AggregatorProxy.getRoundData(uint80).answer_scope_1 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#284) shadows:
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#274) (return variable)
- AggregatorProxy.getRoundData(uint80).answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#274) (return variable)
AggregatorProxy.getRoundData(uint80).startedAt_scope_2 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#285) shadows:
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#275) (return variable)
- AggregatorProxy.getRoundData(uint80).startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#275) (return variable)
AggregatorProxy.getRoundData(uint80).updatedAt_scope_3 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#286) shadows:
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#276) (return variable)
- AggregatorProxy.getRoundData(uint80).updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#276) (return variable)
AggregatorProxy.latestRoundData().roundId_scope_0 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#331) shadows:
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#321) (return variable)
- AggregatorProxy.latestRoundData().roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#321) (return variable)
AggregatorProxy.latestRoundData().answer_scope_1 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#332) shadows:
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#322) (return variable)
- AggregatorProxy.latestRoundData().answer (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#322) (return variable)
AggregatorProxy.latestRoundData().startedAt_scope_2 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#333) shadows:
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#323) (return variable)
- AggregatorProxy.latestRoundData().startedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#323) (return variable)
AggregatorProxy.latestRoundData().updatedAt_scope_3 (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#334) shadows:
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#324) (return variable)
- AggregatorProxy.latestRoundData().updatedAt (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#324) (return variable)
AggregatorProxy.parseIds(uint256).phaseId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#513) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#410-416) (function)
AggregatorProxy.addPhaseIds(uint80,int256,uint256,uint256,uint80,uint16).phaseId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#525) shadows:
- AggregatorProxy.phaseId() (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#410-416) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Owned.transferOwnership(address)._to (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#30) lacks a zero-check on :
- pendingOwner = _to (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#34)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Parameter Owned.transferOwnership(address)._to (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#30) is not in mixedCase
Parameter AggregatorProxy.getAnswer(uint256)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#180) is not in mixedCase
Parameter AggregatorProxy.getTimestamp(uint256)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#205) is not in mixedCase
Parameter AggregatorProxy.getRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#267) is not in mixedCase
Parameter AggregatorProxy.proposedGetRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#353) is not in mixedCase
Parameter AggregatorProxy.proposeAggregator(address)._aggregator (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#459) is not in mixedCase
Parameter AggregatorProxy.confirmAggregator(address)._aggregator (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#473) is not in mixedCase
Parameter AggregatorProxy.setAggregator(address)._aggregator (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#487) is not in mixedCase
Parameter AggregatorProxy.addPhase(uint16,uint64)._phase (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#496) is not in mixedCase
Parameter AggregatorProxy.addPhase(uint16,uint64)._originalId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#497) is not in mixedCase
Parameter AggregatorProxy.parseIds(uint256)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#507) is not in mixedCase
Parameter EACAggregatorProxy.setController(address)._accessController (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#582) is not in mixedCase
Parameter EACAggregatorProxy.getAnswer(uint256)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#638) is not in mixedCase
Parameter EACAggregatorProxy.getTimestamp(uint256)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#658) is not in mixedCase
Parameter EACAggregatorProxy.getRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#710) is not in mixedCase
Parameter EACAggregatorProxy.proposedGetRoundData(uint80)._roundId (crytic-export/etherscan-contracts/0xDC530D9457755926550b59e8ECcdaE7624181557-EACAggregatorProxy.sol#776) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xDC530D9457755926550b59e8ECcdaE7624181557 analyzed (7 contracts with 79 detectors), 40 result(s) found
Slither report for Pool at `0xfCc00A1e250644d89AF0df661bC6f04891E21585`
INFO:Detectors:
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#223-266) uses arbitrary from in transferFrom: IERC20(params.asset).safeTransferFrom(params.receiverAddress,reserveCache.aTokenAddress,amountPlusPremium) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#245-249)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom
INFO:Detectors:
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#51-86) performs a multiplication on the result of a division:
- basePowerTwo = rate.rayMul(rate) / (SECONDS_PER_YEAR * SECONDS_PER_YEAR) (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#72)
- secondTerm = exp * expMinusOne * basePowerTwo (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#76)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#51-86) performs a multiplication on the result of a division:
- basePowerThree = basePowerTwo.rayMul(rate) / SECONDS_PER_YEAR (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#73)
- thirdTerm = exp * expMinusOne * expMinusTwo * basePowerThree (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Detectors:
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#51-86) uses a dangerous strict equality:
- exp == 0 (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#59)
BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265) uses a dangerous strict equality:
- params.interestRateMode == DataTypes.InterestRateMode.STABLE (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#217)
BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265) uses a dangerous strict equality:
- stableDebt + variableDebt - paybackAmount == 0 (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#234)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#64-196) uses a dangerous strict equality:
- vars.currentReserveAddress == address(0) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#105)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#64-196) uses a dangerous strict equality:
- vars.eModeAssetPrice != 0 && params.userEModeCategory == vars.eModeAssetCategory (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#127-130)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#64-196) uses a dangerous strict equality:
- (vars.totalDebtInBaseCurrency == 0) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#183-187)
LiquidationLogic._liquidateATokens(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),DataTypes.ReserveData,DataTypes.ExecuteLiquidationCallParams,LiquidationLogic.LiquidationCallLocalVars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#285-314) uses a dangerous strict equality:
- liquidatorPreviousATokenBalance == 0 (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#300)
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242) uses a dangerous strict equality:
- vars.userTotalDebt == vars.actualDebtToLiquidate (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#165)
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242) uses a dangerous strict equality:
- vars.actualCollateralToLiquidate + vars.liquidationProtocolFeeAmount == vars.userCollateralBalance (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#172-173)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#73-90) uses a dangerous strict equality:
- timestamp == block.timestamp (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#81)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#47-64) uses a dangerous strict equality:
- timestamp == block.timestamp (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#55)
ReserveLogic.updateState(DataTypes.ReserveData,DataTypes.ReserveCache) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#97-112) uses a dangerous strict equality:
- reserve.lastUpdateTimestamp == uint40(block.timestamp) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#103)
ValidationLogic.validateBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ValidateBorrowParams) (@aave/core-v3/contracts/protocol/libraries/logic/ValidationLogic.sol#130-301) uses a dangerous strict equality:
- require(bool,string)(vars.siloedBorrowingAddress == params.asset,Errors.SILOED_BORROWING_VIOLATION) (@aave/core-v3/contracts/protocol/libraries/logic/ValidationLogic.sol#293)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
ReserveLogic.cache(DataTypes.ReserveData).reserveCache (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#334) is a local variable never initialized
ReserveLogic._accrueToTreasury(DataTypes.ReserveData,DataTypes.ReserveCache).vars (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#240) is a local variable never initialized
ReserveLogic.updateInterestRates(DataTypes.ReserveData,DataTypes.ReserveCache,address,uint256,uint256).vars (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#183) is a local variable never initialized
ValidationLogic.validateLiquidationCall(DataTypes.UserConfigurationMap,DataTypes.ReserveData,DataTypes.ValidateLiquidationCallParams).vars (@aave/core-v3/contracts/protocol/libraries/logic/ValidationLogic.sol#491) is a local variable never initialized
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams).vars (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#83) is a local variable never initialized
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams).vars (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#103) is a local variable never initialized
LiquidationLogic._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveCache,address,address,uint256,uint256,uint256,IPriceOracleGetter).vars (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#500) is a local variable never initialized
ValidationLogic.validateBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ValidateBorrowParams).vars (@aave/core-v3/contracts/protocol/libraries/logic/ValidationLogic.sol#138) is a local variable never initialized
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams).vars (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#85) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
BorrowLogic.executeRebalanceStableBorrowRate(DataTypes.ReserveData,address,address) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#276-297) ignores return value by stableDebtToken.burn(user,stableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#289)
EModeLogic.executeSetUserEMode(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),mapping(address => uint8),DataTypes.UserConfigurationMap,DataTypes.ExecuteSetUserEModeParams) (@aave/core-v3/contracts/protocol/libraries/logic/EModeLogic.sol#42-75) ignores return value by ValidationLogic.validateHealthFactor(reservesData,reservesList,eModeCategories,userConfig,msg.sender,params.categoryId,params.reservesCount,params.oracle) (@aave/core-v3/contracts/protocol/libraries/logic/EModeLogic.sol#63-72)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
Pool.updateBridgeProtocolFee(uint256) (@aave/core-v3/contracts/protocol/pool/Pool.sol#673-680) should emit an event for:
- _bridgeProtocolFee = protocolFee (@aave/core-v3/contracts/protocol/pool/Pool.sol#679)
Pool.updateFlashloanPremiums(uint128,uint128) (@aave/core-v3/contracts/protocol/pool/Pool.sol#683-689) should emit an event for:
- _flashLoanPremiumTotal = flashLoanPremiumTotal (@aave/core-v3/contracts/protocol/pool/Pool.sol#687)
- _flashLoanPremiumToProtocol = flashLoanPremiumToProtocol (@aave/core-v3/contracts/protocol/pool/Pool.sol#688)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-events-arithmetic
INFO:Detectors:
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-167) has external calls inside a loop: IAToken(reservesData[params.assets[vars.i]].aTokenAddress).transferUnderlyingTo(params.receiverAddress,vars.currentAmount) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#95-98)
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#223-266) has external calls inside a loop: reserveCache.nextLiquidityIndex = reserve.cumulateToLiquidityIndex(IERC20(reserveCache.aTokenAddress).totalSupply() + uint256(reserve.accruedToTreasury).rayMul(reserveCache.nextLiquidityIndex),premiumToLP) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#233-237)
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#223-266) has external calls inside a loop: IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#251-255)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,DataTypes.ReserveCache,address,uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#176-219) has external calls inside a loop: (vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(DataTypes.CalculateInterestRatesParams(reserve.unbacked,liquidityAdded,liquidityTaken,reserveCache.nextTotalStableDebt,vars.totalVariableDebt,reserveCache.nextAvgStableBorrowRate,reserveCache.reserveFactor,reserveAddress,reserveCache.aTokenAddress)) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#189-205)
ReserveLogic.cache(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#329-367) has external calls inside a loop: reserveCache.currScaledVariableDebt = reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).scaledTotalSupply() (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#350-352)
ReserveLogic.cache(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#329-367) has external calls inside a loop: (reserveCache.currPrincipalStableDebt,reserveCache.currTotalStableDebt,reserveCache.currAvgStableBorrowRate,reserveCache.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveCache.stableDebtTokenAddress).getSupplyData() (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#354-359)
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-167) has external calls inside a loop: BorrowLogic.executeBorrow(reservesData,reservesList,eModeCategories,userConfig,DataTypes.ExecuteBorrowParams(vars.currentAsset,msg.sender,params.onBehalfOf,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),params.referralCode,false,params.maxStableRateBorrowSizePercent,params.reservesCount,IPoolAddressesProvider(params.addressesProvider).getPriceOracle(),params.userEModeCategory,IPoolAddressesProvider(params.addressesProvider).getPriceOracleSentinel())) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#134-154)
PoolLogic.executeMintToTreasury(mapping(address => DataTypes.ReserveData),address[]) (@aave/core-v3/contracts/protocol/libraries/logic/PoolLogic.sol#88-113) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(amountToMint,normalizedIncome) (@aave/core-v3/contracts/protocol/libraries/logic/PoolLogic.sol#108)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#223-266):
External calls:
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#251-255)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#257-265)
Reentrancy in LiquidationLogic._liquidateATokens(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),DataTypes.ReserveData,DataTypes.ExecuteLiquidationCallParams,LiquidationLogic.LiquidationCallLocalVars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#285-314):
External calls:
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.collateralAsset,msg.sender) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#311)
Reentrancy in BorrowLogic.executeBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteBorrowParams) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#67-167):
External calls:
- (isFirstBorrowing,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,currentStableRate) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#113-122)
- (isFirstBorrowing,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#124-126)
Event emitted after the call(s):
- IsolationModeTotalDebtUpdated(isolationModeCollateralAddress,nextIsolationModeTotalDebt) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#139-142)
Reentrancy in BorrowLogic.executeBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteBorrowParams) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#67-167):
External calls:
- (isFirstBorrowing,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,currentStableRate) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#113-122)
- (isFirstBorrowing,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#124-126)
- IAToken(reserveCache.aTokenAddress).transferUnderlyingTo(params.user,params.amount) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#153)
Event emitted after the call(s):
- Borrow(params.asset,params.user,params.onBehalfOf,params.amount,params.interestRateMode,currentStableRate,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#156-166)
- Borrow(params.asset,params.user,params.onBehalfOf,params.amount,params.interestRateMode,reserve.currentVariableBorrowRate,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#156-166)
Reentrancy in FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-167):
External calls:
- IAToken(reservesData[params.assets[vars.i]].aTokenAddress).transferUnderlyingTo(params.receiverAddress,vars.currentAmount) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#95-98)
- require(bool,string)(vars.receiver.executeOperation(params.assets,params.amounts,vars.totalPremiums,msg.sender,params.params),Errors.INVALID_FLASHLOAN_EXECUTOR_RETURN) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#101-110)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#120-130)
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#251-255)
- BorrowLogic.executeBorrow(reservesData,reservesList,eModeCategories,userConfig,DataTypes.ExecuteBorrowParams(vars.currentAsset,msg.sender,params.onBehalfOf,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),params.referralCode,false,params.maxStableRateBorrowSizePercent,params.reservesCount,IPoolAddressesProvider(params.addressesProvider).getPriceOracle(),params.userEModeCategory,IPoolAddressesProvider(params.addressesProvider).getPriceOracleSentinel())) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#134-154)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#257-265)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#120-130)
- FlashLoan(params.receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),0,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#156-164)
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#211-218)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#120-130)
Reentrancy in FlashLoanLogic.executeFlashLoanSimple(DataTypes.ReserveData,DataTypes.FlashloanSimpleParams) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#179-215):
External calls:
- IAToken(reserve.aTokenAddress).transferUnderlyingTo(params.receiverAddress,params.amount) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#191)
- require(bool,string)(receiver.executeOperation(params.asset,params.amount,totalPremium,msg.sender,params.params),Errors.INVALID_FLASHLOAN_EXECUTOR_RETURN) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#193-202)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#204-214)
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#251-255)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#257-265)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#204-214)
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#211-218)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (@aave/core-v3/contracts/protocol/libraries/logic/FlashLoanLogic.sol#204-214)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#327-333)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#337-339)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#341-347)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.collateralAsset,msg.sender) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#311)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#327-333)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#337-339)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#341-347)
- _burnCollateralATokens(collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
- vars.collateralAToken.burn(params.user,msg.sender,vars.actualCollateralToLiquidate,collateralReserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#266-271)
Event emitted after the call(s):
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#211-218)
- _burnCollateralATokens(collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#327-333)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#337-339)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#341-347)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
- _burnCollateralATokens(collateralReserve,params,vars) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
- vars.collateralAToken.burn(params.user,msg.sender,vars.actualCollateralToLiquidate,collateralReserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#266-271)
- vars.collateralAToken.transferOnLiquidation(params.user,vars.collateralAToken.RESERVE_TREASURY_ADDRESS(),vars.liquidationProtocolFeeAmount) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#213-217)
- IAToken(vars.debtReserveCache.aTokenAddress).handleRepayment(msg.sender,params.user,vars.actualDebtToLiquidate) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#227-231)
Event emitted after the call(s):
- LiquidationCall(params.collateralAsset,params.debtAsset,params.user,vars.actualDebtToLiquidate,vars.actualCollateralToLiquidate,msg.sender,params.receiveAToken) (@aave/core-v3/contracts/protocol/libraries/logic/LiquidationLogic.sol#233-241)
Reentrancy in PoolLogic.executeMintToTreasury(mapping(address => DataTypes.ReserveData),address[]) (@aave/core-v3/contracts/protocol/libraries/logic/PoolLogic.sol#88-113):
External calls:
- IAToken(reserve.aTokenAddress).mintToTreasury(amountToMint,normalizedIncome) (@aave/core-v3/contracts/protocol/libraries/logic/PoolLogic.sol#108)
Event emitted after the call(s):
- MintedToTreasury(assetAddress,amountToMint) (@aave/core-v3/contracts/protocol/libraries/logic/PoolLogic.sol#110)
Reentrancy in BridgeLogic.executeMintUnbacked(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,address,uint256,address,uint16) (@aave/core-v3/contracts/protocol/libraries/logic/BridgeLogic.sol#52-99):
External calls:
- isFirstSupply = IAToken(reserveCache.aTokenAddress).mint(msg.sender,onBehalfOf,amount,reserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BridgeLogic.sol#77-82)
Event emitted after the call(s):
- MintUnbacked(asset,msg.sender,onBehalfOf,amount,referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/BridgeLogic.sol#98)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (@aave/core-v3/contracts/protocol/libraries/logic/BridgeLogic.sol#94)
Reentrancy in BorrowLogic.executeRebalanceStableBorrowRate(DataTypes.ReserveData,address,address) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#276-297):
External calls:
- stableDebtToken.burn(user,stableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#289)
- (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = stableDebtToken.mint(user,user,stableDebt,reserve.currentStableBorrowRate) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#291-292)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#296)
Reentrancy in BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265):
External calls:
- (reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).burn(params.onBehalfOf,paybackAmount) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#218-220)
- reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).burn(params.onBehalfOf,paybackAmount,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#222-224)
- IAToken(reserveCache.aTokenAddress).burn(msg.sender,reserveCache.aTokenAddress,paybackAmount,reserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#247-252)
- IAToken(reserveCache.aTokenAddress).handleRepayment(msg.sender,params.onBehalfOf,paybackAmount) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#255-259)
Event emitted after the call(s):
- Repay(params.asset,params.onBehalfOf,msg.sender,paybackAmount,params.useATokens) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#262)
Reentrancy in SupplyLogic.executeSupply(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteSupplyParams) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#52-91):
External calls:
- isFirstSupply = IAToken(reserveCache.aTokenAddress).mint(msg.sender,params.onBehalfOf,params.amount,reserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#69-74)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.asset,params.onBehalfOf) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#86)
- Supply(params.asset,msg.sender,params.onBehalfOf,params.amount,params.referralCode) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#90)
Reentrancy in BorrowLogic.executeSwapBorrowRateMode(DataTypes.ReserveData,DataTypes.UserConfigurationMap,address,DataTypes.InterestRateMode) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#307-352):
External calls:
- (reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).burn(msg.sender,stableDebt) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#332-334)
- (None,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#336-338)
- reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserveCache.nextVariableBorrowIndex) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#340-342)
- (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#344-346)
Event emitted after the call(s):
- SwapBorrowRateMode(asset,msg.sender,interestRateMode) (@aave/core-v3/contracts/protocol/libraries/logic/BorrowLogic.sol#351)
Reentrancy in SupplyLogic.executeWithdraw(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteWithdrawParams) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#105-162):
External calls:
- IAToken(reserveCache.aTokenAddress).burn(msg.sender,params.to,amountToWithdraw,reserveCache.nextLiquidityIndex) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#138-143)
Event emitted after the call(s):
- Withdraw(params.asset,msg.sender,params.to,amountToWithdraw) (@aave/core-v3/contracts/protocol/libraries/logic/SupplyLogic.sol#159)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#47-64) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == block.timestamp (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#55)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#73-90) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == block.timestamp (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#81)
ReserveLogic.updateState(DataTypes.ReserveData,DataTypes.ReserveCache) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#97-112) uses timestamp for comparisons
Dangerous comparisons:
- reserve.lastUpdateTimestamp == uint40(block.timestamp) (@aave/core-v3/contracts/protocol/libraries/logic/ReserveLogic.sol#103)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#51-86) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#59)
- exp > 2 (@aave/core-v3/contracts/protocol/libraries/math/MathUtils.sol#70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
GPv2SafeERC20.safeTransfer(IERC20,address,uint256) (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#12-33) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#20-30)
GPv2SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#37-60) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#46-57)
GPv2SafeERC20.getLastTransferResult(IERC20) (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#65-123) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#73-122)
GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage() (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#86-92) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#86-92)
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
VersionedInitializable.isConstructor() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
PercentageMath.percentMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#25-39) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#27-38)
PercentageMath.percentDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#48-60) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#50-59)
WadRayMath.wadMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#29-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#31-37)
WadRayMath.wadDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#47-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#49-55)
WadRayMath.rayMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#65-74) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#67-73)
WadRayMath.rayDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#83-92) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#85-91)
WadRayMath.rayToWad(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#100-108) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#101-107)
WadRayMath.wadToRay(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#116-125) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#118-124)
Pool.getReservesList() (@aave/core-v3/contracts/protocol/pool/Pool.sol#537-555) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/pool/Pool.sol#551-553)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (@aave/core-v3/contracts/protocol/libraries/logic/GenericLogic.sol#64-196) has a high cyclomatic complexity (14).
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#cyclomatic-complexity
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#316-322) is never used and should be removed
ReserveConfiguration.getCaps(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#648-659) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#209-211) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#343-349) is never used and should be removed
ReserveConfiguration.setActive(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#178-182) is never used and should be removed
ReserveConfiguration.setBorrowCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#385-392) is never used and should be removed
ReserveConfiguration.setBorrowableInIsolation(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-249) is never used and should be removed
ReserveConfiguration.setBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#302-309) is never used and should be removed
ReserveConfiguration.setDebtCeiling(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#439-446) is never used and should be removed
ReserveConfiguration.setDecimals(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#151-158) is never used and should be removed
ReserveConfiguration.setEModeCategory(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#528-535) is never used and should be removed
ReserveConfiguration.setFlashLoanEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#555-562) is never used and should be removed
ReserveConfiguration.setFrozen(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#198-202) is never used and should be removed
ReserveConfiguration.setLiquidationBonus(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#122-131) is never used and should be removed
ReserveConfiguration.setLiquidationProtocolFee(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#466-478) is never used and should be removed
ReserveConfiguration.setLiquidationThreshold(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#93-102) is never used and should be removed
ReserveConfiguration.setLtv(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#73-77) is never used and should be removed
ReserveConfiguration.setPaused(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#218-222) is never used and should be removed
ReserveConfiguration.setReserveFactor(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#356-365) is never used and should be removed
ReserveConfiguration.setSiloedBorrowing(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#274-281) is never used and should be removed
ReserveConfiguration.setStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#329-336) is never used and should be removed
ReserveConfiguration.setSupplyCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#412-419) is never used and should be removed
ReserveConfiguration.setUnbackedMintCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#499-508) is never used and should be removed
SafeCast.toInt128(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#151-157) is never used and should be removed
SafeCast.toInt16(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#214-220) is never used and should be removed
SafeCast.toInt256(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#250-254) is never used and should be removed
SafeCast.toInt32(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#193-199) is never used and should be removed
SafeCast.toInt64(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#172-178) is never used and should be removed
SafeCast.toInt8(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#235-241) is never used and should be removed
SafeCast.toUint16(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#106-109) is never used and should be removed
SafeCast.toUint224(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#31-34) is never used and should be removed
SafeCast.toUint256(int256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#133-136) is never used and should be removed
SafeCast.toUint32(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#91-94) is never used and should be removed
SafeCast.toUint64(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#76-79) is never used and should be removed
SafeCast.toUint8(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#121-124) is never used and should be removed
SafeCast.toUint96(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#61-64) is never used and should be removed
WadRayMath.rayToWad(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#100-108) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#29-38) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage().length_getLastTransferResult_asm_0_revertWithMessage (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#86) is not in mixedCase
Parameter GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage().message_getLastTransferResult_asm_0_revertWithMessage (@aave/core-v3/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#86) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#33) is not in mixedCase
Function IFlashLoanReceiver.POOL() (@aave/core-v3/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#35) is not in mixedCase
Function IFlashLoanSimpleReceiver.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/flashloan/interfaces/IFlashLoanSimpleReceiver.sol#33) is not in mixedCase
Function IFlashLoanSimpleReceiver.POOL() (@aave/core-v3/contracts/flashloan/interfaces/IFlashLoanSimpleReceiver.sol#35) is not in mixedCase
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Function IAToken.UNDERLYING_ASSET_ADDRESS() (@aave/core-v3/contracts/interfaces/IAToken.sol#122) is not in mixedCase
Function IAToken.RESERVE_TREASURY_ADDRESS() (@aave/core-v3/contracts/interfaces/IAToken.sol#128) is not in mixedCase
Function IAToken.DOMAIN_SEPARATOR() (@aave/core-v3/contracts/interfaces/IAToken.sol#135) is not in mixedCase
Function IPool.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPool.sol#630) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/interfaces/IPool.sol#693) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/interfaces/IPool.sol#699) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/interfaces/IPool.sol#705) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/interfaces/IPool.sol#711) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/interfaces/IPool.sol#717) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY() (@aave/core-v3/contracts/interfaces/IPriceOracleGetter.sol#15) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY_UNIT() (@aave/core-v3/contracts/interfaces/IPriceOracleGetter.sol#22) is not in mixedCase
Function IPriceOracleSentinel.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPriceOracleSentinel.sol#28) is not in mixedCase
Function IStableDebtToken.UNDERLYING_ASSET_ADDRESS() (@aave/core-v3/contracts/interfaces/IStableDebtToken.sol#152) is not in mixedCase
Function IVariableDebtToken.UNDERLYING_ASSET_ADDRESS() (@aave/core-v3/contracts/interfaces/IVariableDebtToken.sol#49) is not in mixedCase
Variable VersionedInitializable.______gap (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Function Pool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/protocol/pool/Pool.sol#563-565) is not in mixedCase
Function Pool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/protocol/pool/Pool.sol#568-570) is not in mixedCase
Function Pool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/protocol/pool/Pool.sol#573-575) is not in mixedCase
Function Pool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/protocol/pool/Pool.sol#578-580) is not in mixedCase
Function Pool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/protocol/pool/Pool.sol#583-585) is not in mixedCase
Variable Pool.ADDRESSES_PROVIDER (@aave/core-v3/contracts/protocol/pool/Pool.sol#43) is not in mixedCase
Variable PoolStorage._reserves (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#21) is not in mixedCase
Variable PoolStorage._usersConfig (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#24) is not in mixedCase
Variable PoolStorage._reservesList (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#28) is not in mixedCase
Variable PoolStorage._eModeCategories (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#32) is not in mixedCase
Variable PoolStorage._usersEModeCategory (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#35) is not in mixedCase
Variable PoolStorage._bridgeProtocolFee (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#38) is not in mixedCase
Variable PoolStorage._flashLoanPremiumTotal (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#41) is not in mixedCase
Variable PoolStorage._flashLoanPremiumToProtocol (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#44) is not in mixedCase
Variable PoolStorage._maxStableRateBorrowSizePercent (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#47) is not in mixedCase
Variable PoolStorage._reservesCount (@aave/core-v3/contracts/protocol/pool/PoolStorage.sol#50) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xfCc00A1e250644d89AF0df661bC6f04891E21585 analyzed (42 contracts with 79 detectors), 157 result(s) found
Slither report for PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
PoolConfigurator.setEModeCategory(uint8,uint16,uint16,uint16,address,string) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#341-392) has external calls inside a loop: currentConfig = _pool.getConfiguration(reserves[i]) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#371)
PoolConfigurator._onlyPoolOrEmergencyAdmin() (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#520-526) has external calls inside a loop: aclManager = IACLManager(_addressesProvider.getACLManager()) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#521)
PoolConfigurator._onlyPoolOrEmergencyAdmin() (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#520-526) has external calls inside a loop: require(bool,string)(aclManager.isPoolAdmin(msg.sender) || aclManager.isEmergencyAdmin(msg.sender),Errors.CALLER_NOT_POOL_OR_EMERGENCY_ADMIN) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#522-525)
PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242) has external calls inside a loop: currentConfig = _pool.getConfiguration(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#238)
PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242) has external calls inside a loop: _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#240)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in PoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#138-177):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#174)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#176)
Reentrancy in PoolConfigurator.dropReserve(address) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#94-97):
External calls:
- _pool.dropReserve(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#95)
Event emitted after the call(s):
- ReserveDropped(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#96)
Reentrancy in ConfiguratorLogic.executeInitReserve(IPool,ConfiguratorInputTypes.InitReserveInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#50-121):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(input.aTokenImpl,abi.encodeWithSelector(IInitializableAToken.initialize.selector,pool,input.treasury,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.aTokenName,input.aTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#53-66)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- stableDebtTokenProxyAddress = _initTokenWithProxy(input.stableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.stableDebtTokenName,input.stableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#68-80)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- variableDebtTokenProxyAddress = _initTokenWithProxy(input.variableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.variableDebtTokenName,input.variableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#82-94)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- pool.initReserve(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#96-102)
- pool.setConfiguration(input.underlyingAsset,currentConfig) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#112)
Event emitted after the call(s):
- ReserveInitialized(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#114-120)
Reentrancy in ConfiguratorLogic.executeUpdateAToken(IPool,ConfiguratorInputTypes.UpdateATokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#129-152):
External calls:
- _upgradeTokenImplementation(reserveData.aTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#149)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- ATokenUpgraded(input.asset,reserveData.aTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#151)
Reentrancy in ConfiguratorLogic.executeUpdateStableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#160-190):
External calls:
- _upgradeTokenImplementation(reserveData.stableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#179-183)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- StableDebtTokenUpgraded(input.asset,reserveData.stableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#185-189)
Reentrancy in ConfiguratorLogic.executeUpdateVariableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#198-228):
External calls:
- _upgradeTokenImplementation(reserveData.variableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#217-221)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(input.asset,reserveData.variableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#223-227)
Reentrancy in PoolConfigurator.setAssetEModeCategory(address,uint8) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#395-413):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#411)
Event emitted after the call(s):
- EModeAssetCategoryChanged(asset,uint8(oldCategoryId),newCategoryId) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#412)
Reentrancy in PoolConfigurator.setBorrowCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#301-311):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#309)
Event emitted after the call(s):
- BorrowCapChanged(asset,oldBorrowCap,newBorrowCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#310)
Reentrancy in PoolConfigurator.setBorrowableInIsolation(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#225-234):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#232)
Event emitted after the call(s):
- BorrowableInIsolationChanged(asset,borrowable) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#233)
Reentrancy in PoolConfigurator.setDebtCeiling(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#259-278):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#271)
- _pool.resetIsolationModeTotalDebt(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#274)
Event emitted after the call(s):
- DebtCeilingChanged(asset,oldDebtCeiling,newDebtCeiling) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#277)
Reentrancy in PoolConfigurator.setEModeCategory(uint8,uint16,uint16,uint16,address,string) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#341-392):
External calls:
- _pool.configureEModeCategory(categoryId,DataTypes.EModeCategory(ltv,liquidationThreshold,liquidationBonus,oracle,label)) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#381-390)
Event emitted after the call(s):
- EModeCategoryAdded(categoryId,ltv,liquidationThreshold,liquidationBonus,oracle,label) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#391)
Reentrancy in PoolConfigurator.setLiquidationProtocolFee(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#327-338):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#336)
Event emitted after the call(s):
- LiquidationProtocolFeeChanged(asset,oldFee,newFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#337)
Reentrancy in PoolConfigurator.setReserveActive(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#208-214):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#212)
Event emitted after the call(s):
- ReserveActive(asset,active) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#213)
Reentrancy in PoolConfigurator.setReserveBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#127-135):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#133)
Event emitted after the call(s):
- ReserveBorrowing(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#134)
Reentrancy in PoolConfigurator.setReserveFactor(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#245-256):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveFactorChanged(asset,oldReserveFactor,newReserveFactor) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#255)
Reentrancy in PoolConfigurator.setReserveFlashLoaning(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#195-205):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#203)
Event emitted after the call(s):
- ReserveFlashLoaning(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#204)
Reentrancy in PoolConfigurator.setReserveFreeze(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#217-222):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#220)
Event emitted after the call(s):
- ReserveFrozen(asset,freeze) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#221)
Reentrancy in PoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#429-438):
External calls:
- _pool.setReserveInterestRateStrategyAddress(asset,newRateStrategyAddress) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#436)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,oldRateStrategyAddress,newRateStrategyAddress) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#437)
Reentrancy in PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#240)
Event emitted after the call(s):
- ReservePaused(asset,paused) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#241)
Reentrancy in PoolConfigurator.setReserveStableRateBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#180-192):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#190)
Event emitted after the call(s):
- ReserveStableRateBorrowing(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#191)
Reentrancy in PoolConfigurator.setSiloedBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#281-298):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#295)
Event emitted after the call(s):
- SiloedBorrowingChanged(asset,oldSiloed,newSiloed) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#297)
Reentrancy in PoolConfigurator.setSupplyCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#314-324):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#322)
Event emitted after the call(s):
- SupplyCapChanged(asset,oldSupplyCap,newSupplyCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#323)
Reentrancy in PoolConfigurator.setUnbackedMintCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#416-426):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#424)
Event emitted after the call(s):
- UnbackedMintCapChanged(asset,oldUnbackedMintCap,newUnbackedMintCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#425)
Reentrancy in PoolConfigurator.updateBridgeProtocolFee(uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#452-460):
External calls:
- _pool.updateBridgeProtocolFee(newBridgeProtocolFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#458)
Event emitted after the call(s):
- BridgeProtocolFeeUpdated(oldBridgeProtocolFee,newBridgeProtocolFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#459)
Reentrancy in PoolConfigurator.updateFlashloanPremiumToProtocol(uint128) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#478-493):
External calls:
- _pool.updateFlashloanPremiums(_pool.FLASHLOAN_PREMIUM_TOTAL(),newFlashloanPremiumToProtocol) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#488)
Event emitted after the call(s):
- FlashloanPremiumToProtocolUpdated(oldFlashloanPremiumToProtocol,newFlashloanPremiumToProtocol) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#489-492)
Reentrancy in PoolConfigurator.updateFlashloanPremiumTotal(uint128) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#463-475):
External calls:
- _pool.updateFlashloanPremiums(newFlashloanPremiumTotal,_pool.FLASHLOAN_PREMIUM_TO_PROTOCOL()) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#473)
Event emitted after the call(s):
- FlashloanPremiumTotalUpdated(oldFlashloanPremiumTotal,newFlashloanPremiumTotal) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#474)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
VersionedInitializable.isConstructor() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
PercentageMath.percentMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#25-39) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#27-38)
PercentageMath.percentDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#48-60) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#50-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#48-60) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#189-191) is never used and should be removed
ReserveConfiguration.getBorrowableInIsolation(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#260-266) is never used and should be removed
ReserveConfiguration.getCaps(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#648-659) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#165-171) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#586-606) is never used and should be removed
ReserveConfiguration.getFlashLoanEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#569-575) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#209-211) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#138-144) is never used and should be removed
ReserveConfiguration.getPaused(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#229-231) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Function IPool.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPool.sol#630) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/interfaces/IPool.sol#693) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/interfaces/IPool.sol#699) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/interfaces/IPool.sol#705) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/interfaces/IPool.sol#711) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/interfaces/IPool.sol#717) is not in mixedCase
Function IPoolDataProvider.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPoolDataProvider.sol#21) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Variable PoolConfigurator._addressesProvider (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#26) is not in mixedCase
Variable PoolConfigurator._pool (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#27) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2 analyzed (22 contracts with 79 detectors), 78 result(s) found